[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
huawei
On Fri, 14 Jun 2013 13:21:09 -0400, Scott Helms said:
> How? There is truly not that much room in the IP packet to play games and
> if you're modifying all your traffic this would again be pretty easy to
> spot. Again, the easiest/cheapest method is that there is a backdoor there
> already.
Do you actually examine your traffic and drop packets that have non-zeros
in reserved fields? (Remember what that did to the deployment of ECN?)
And there's plenty of room if you stick a TCP or IP option header in there. Do
you actually check for those too?
How fast can you send data to a cooperating router down the way if you splat
the low 3 bits of TCP timestamps on a connection routed towards the cooperating
router? (SUre, you just busted somebody's RTT calculation, but it will just
decide it's a high-jitter path and deal with it).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130614/7d31bcb5/attachment.bin>
- Follow-Ups:
- huawei
- From: mike at mtcc.com (Michael Thomas)
- huawei
- From: khelms at zcorum.com (Scott Helms)
- References:
- huawei
- From: patrick at ianai.net (Patrick W. Gilmore)
- huawei
- From: mike at mtcc.com (Michael Thomas)
- huawei
- From: symack at gmail.com (Nick Khamis)
- huawei
- From: khelms at zcorum.com (Scott Helms)
- huawei
- From: bill at herrin.us (William Herrin)
- huawei
- From: khelms at zcorum.com (Scott Helms)
- huawei
- From: mike at mtcc.com (Michael Thomas)
- huawei
- From: khelms at zcorum.com (Scott Helms)
- huawei
- From: rsk at gsp.org (Rich Kulawiec)
- huawei
- From: khelms at zcorum.com (Scott Helms)